RMX Security CERT Global
- JVN: Authorization bypass vulnerability in EC-CUBE - EC-CUBE contains an authorization bypass vulnerability. ... read more
- TZCERT-SU-24-0321 (Red Hat Security Update) - Red Hat has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and ... read more
- TZCERT-SU-24-0329 (IBM Security Update) - IBM has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
- TZCERT-SU-24-0330 (Mageia Security Update) - Mageia has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
- TZCERT-SU-24-0328 (Tenable Security Update) - Tenable has released security updates to address vulnerabilities in multiple versions of Tenable Security Center. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. ... read more
- TZCERT-SU-24-0327 (Chrome Security Update) - Google has released security updates to address vulnerabilities in Chrome products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators are ... read more
- TZCERT-SU-24-0326 (Oracle Linux Security Update) - Oracle has released security updates to address vulnerabilities in Oracle Linux. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators are ... read more
- TZCERT-SU-24-0324 (Ubuntu Security Update) - Ubuntu has released security updates to address vulnerabilities in PAM and Thunderbird packages. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and ... read more
- TZCERT-SU-24-0325 (SUSE Security Update) - SUSE has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
- TZCERT-SU-24-0322 (Apple Security Update) - Apple has released security updates to address vulnerabilities in Safari, macOS Sonoma and macOS Ventura. Exploitation of these vulnerabilities may allow an attacker to take control of an affected ... read more
- TZCERT-SU-24-0323 (Dell Security Update) - Dell has released security updates to address vulnerabilities affecting its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
- CERTFR-2024-AVI-0252: Multiple vulnerabilities in Nagios XI (27 March 2024) - Multiple vulnerabilities have been discovered in Nagios XI. They allow an attacker to cause a security problem not specified by the vendor and an indirect code injection ... read more
- CERTFR-2024-AVI-0253: Vulnerability in Aruba ArubaOS-Switch (27 March 2024) - A vulnerability has been discovered in Aruba ArubaOS-Switch. It allows an attacker to cause a remote denial of service. ... read more
- CERTFR-2024-AVI-0254: Multiple vulnerabilities in Google Chrome (27 March 2024) - Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor. ... read more
- Skills shortage and unpatched systems soar to high-ranking 2030 cyber threats - The European Union Agency for Cybersecurity (ENISA) publishes the executive summary of this year’s ‘Foresight Cybersecurity Threats for 2030’ presenting an overview of key findings in the top 10 ranking. ... read more
- Implementation flaws in DNS resolvers make “application-layer” loops possible - To illustrate the attack vector, imagine two DNS resolvers with such response patterns when there are errors in the generated input. If the input is faulty, it will create another ... read more
- Warning about Volt Typhoon - The five countries, the USA, the United Kingdom, Canada, Australia and New Zealand, which together have established the Five Eyes unit, are now following up on a warning from CISA, which earlier this year warned about ... read more
- PoC exploit released for Fortinet RCE flaw - Researchers have published a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, Bleeping Computer reports. ... read more
- Ivanti Releases Security Updates for Neurons for ITSM and Standalone Sentry - Ivanti has released security advisories to address vulnerabilities in Ivanti Neurons for ITSM and Standalone Sentry. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. ... read more
- New chapter begins as ENISA celebrates 20 years of strengthening cybersecurity - Greek Minister of Digital Governance, Dimitrios Papastergiou joined the European Union Agency for Cybersecurity (ENISA) on the occasion of celebrating the 20 years since its establishment and the ENISA Management ... read more
- The Importance of Diversity in Cybersecurity: Carol Ware - In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Ware, a senior cybersecurity engineer in the SEI’s CERT Division, discusses her career path, the value of ... read more
- Fortra releases update on critical RCE flaw - This week Fortra released an update for a critical vulnerability that was originally discovered in August 2023, Dark Reading reports. The vulnerability has the ID CVE-2024-25153 and a CVSS score ... read more
- Researchers have revealed a new phishing tactic that bypasses ML - Researchers have uncovered a new type of cyberattack that uses obfuscated emails to trick machine learning systems in order to infiltrate corporate networks, Infosecurity Magazine reports. It is the company SlashNext that uncovers ... read more
- The Importance of Diversity in Software Engineering: Suzanne Miller - In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Suzanne Miller, a principal researcher in the SEI’s Software Solutions Division, discusses her career path, the value ... read more
- API Security through Contract-Driven Programming - This blog post explores contract programming and specifically how that applies to the building, maintenance, and security of APIs. ... read more
- CERT-SE's weekly newsletter, week 11 - This week, MSB's annual report on the previous year's IT incident reporting was released. Unlike previous years, when the majority of reported IT incidents were due to system failures and mistakes, cyberattacks were the ... read more
- Critical vulnerability in Juniper Secure Analytics - Juniper fixes several vulnerabilities in Juniper Secure Analytics (JSA). One of the vulnerabilities is critical [1] ... read more
- The Importance of Diversity in Artificial Intelligence: Violet Turri - Across the globe, women account for less than 30 percent of professionals in technical fields. That number drops to 22 percent in the field of Artificial Intelligence (AI). In ... read more
- The Importance of Diversity in Cybersecurity: Carol Ware - In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Carol Ware, a senior cybersecurity engineer in the SEI's CERT Division, discusses her career path, the value ... read more
- Microsoft's monthly security updates for March 2024 - Microsoft has released its monthly security updates. In total, 61 vulnerabilities of varying severity are fixed. Two of them have been classified by Microsoft as critical. These are CVE-2024-21407 and CVE-2024-21408. Both ... read more
- TZCERT-SU-24-0257 (pgAdmin Security Update) - Shielder has released a security update to address a vulnerability in pgAdmin. Exploitation of this vulnerability may allow an attacker to take control of an affected system. Users and administrators are encouraged ... read more
- TZCERT-SU-24-0263 (Dell Security Update) - Dell has released security updates to address vulnerabilities in Dell NetWorker vProxy and Dell NetWorker (NRE). Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. ... read more
- TZCERT-SU-24-0264 (Ubuntu Security Update) - Ubuntu has released security updates to address vulnerabilities in Linux kernel, libxml2 and accountsservice. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and ... read more
- TZCERT-SU-24-0262 (NetApp Security Update) - NetApp has released security updates to address vulnerabilities in ISC Bind, libexpat, curl and Apache Commons. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service ... read more
- TZCERT-SU-24-0261 (Chrome Security Update) - Oracle has released security updates to address vulnerabilities in ChromeOS. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and administrators are encouraged to ... read more
- TZCERT-SU-24-0260 (IBM Security Update) - IBM has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and administrators are ... read more
- TZCERT-SU-24-0258 (WordPress Security Update) - Wordfence has released security updates to address vulnerabilities in Essential Addons for Elementor, Tutor LMS, WP Statistics and News Announcement Scroll. Exploitation of these vulnerabilities may allow an attacker to ... read more
- TZCERT-SU-24-0259 (Mageia Security Update) - Mageia has released security updates to address vulnerabilities in libtiff and thunderbird. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service condition. Users and administrators ... read more
- Example Case: Using DevSecOps to Redefine Minimum Viable Product - This SEI blog post, authored by SEI interns, describes their work on a microservices-based software application, an accompanying DevSecOps pipeline, and an expansion of the concept of minimum viable product ... read more
- TZCERT-SU-24-0238 (NetApp Security Update) - NetApp has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
- TZCERT-SU-24-0240 (Apple Security Update) - Apple has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
- TZCERT-SU-24-0247 (VMware Security Update) - VMware has released security updates to address a vulnerability in VMware Cloud Director. Exploitation of this vulnerability may allow an attacker to obtain sensitive information from an affected system. Users ... read more
- TZCERT-SU-24-0246 (GitLab Security Update) - GitLab has released security updates to address vulnerabilities in GitLab prior to versions 16.9.2, 16.8.4, 16.7.7 for GitLab Community Edition (CE) and Enterprise Edition (EE). Exploitation of these vulnerabilities may ... read more
- TZCERT-SU-24-0245 (NetGear Security Update) - NetGear has released security updates to address a vulnerability in Wireless AX Router Nighthawk. Exploitation of this vulnerability may allow an attacker to take control of an affected system. Users ... read more
- TZCERT-SU-24-0244 (Jenkins Security Update) - Jenkins has released security updates to address vulnerabilities in its multiple packages. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
- TZCERT-SU-24-0243 (IBM Security Update) - IBM has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
- TZCERT-SU-24-0241 (Mageia Security Update) - Mageia has released security updates to address vulnerabilities in its multiple packages. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
- TZCERT-SU-24-0242 (Cisco Security Update) - Cisco has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
- TZCERT-SU-24-0239 (Lenovo Security Update) - Lenovo has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
- Apple Released Security Updates for Multiple Products - Apple released security updates to address vulnerabilities in Safari, macOS, watchOS, tvOS, and visionOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. ... read more
| Title | Category | Tag |
| --- | --- | --- |
| Chemical Industry – Parsons Report – Cybersecurity | Cybersecurity, ICS, IIOT | cybersecurity, epcm, ICS |
| US DOE CIB – 21 Steps to Improve Cyber Security of SCADA Networks – Cybersecurity | Cybersecurity, IIOT, Infrastructure | cybersecurity, ICS, SCADA |